Despite many of the disruptions caused by COVID-19 over the last 12 months it remains vital that organisations maintain their cyber security governance. Maintaining security defences and avoiding security vulnerabilities will hopefully prevent the unwelcome...
Read MoreToo many boards still lack visibility or understanding of the problems, while internal audit functions can lack the specialist skills to challenge boards and management to plug urgent gaps. Geoff Summerhayes, APRA Executive Board Member
Read MoreOne of the challenges in cyber security is how to measure the status of security controls to quantify cyber risk - even controls that should be ubiquitous, baseline and foundational. This problem has a number of dimensions – for example when looking...
Read MoreA recently discovered vulnerability in Microsoft’s Netlogon authentication protocol (CVE-2020-1472) allows attackers to establish a vulnerable Netlogon secure channel connection to a domain controller. If an attacker successfully exploits this vulnerability,...
Read MoreThis blog looks at how the MITRE ATT&CK matrix can be used to complement the work of your incident response team in the Security Operations Centre (SOC). It explores how it can help incident responders structure and streamline their investigations. ...
Read MoreThe perfect cyber security storm that COVID-19 created has ushered in new cyber security operating models for many businesses. Many organisations are now switching focus from network security risk to endpoint security as a result of the move to working...
Read MoreCyber security teams use threat modelling to represent sets of adversary tactics and techniques that may be used to a compromise their computer systems. These threat models contain representations of the ICT systems, networks and applications, combined...
Read MoreThe MITRE ATT&CK Framework of tactics and techniques used by attackers to probe and compromise systems is attracting a lot of attention. We’ve covered it in several blogs posts here, here and here. But is it just a framework for enterprises to...
Read MoreThere’s a lot of discussion about Australian cyber security right now, AustCyber has just released the Australian Digital Trust Report 2020, the Australian Cyber Security Industry Advisory Panel report will shortly hand down its recommendations to Government. ...
Read MoreThe MITRE ATT&CK framework is a resource that security operations centre (SOC) teams can use to refine their detection rules against known attack profiles. Using ATT&CK allows them to build specific targeted defences against advanced persistent...
Read More